Maltrail IOC for 2026-02-27
AI Analysis
Technical Summary
This threat report concerns a Maltrail IOC dated February 27, 2026, sourced from the CIRCL OSINT Feed, classified under malware and network activity categories. Maltrail is an open-source network traffic detection system designed to identify suspicious or malicious network activity by analyzing traffic patterns and known indicators. The IOC is tagged with medium risk and is an observational event without specific affected software versions or detailed indicators of compromise. No patches or known exploits are associated with this IOC, indicating it is primarily an intelligence observation rather than an active exploit report. The technical details provided are minimal, including a UUID and an original timestamp, but no concrete indicators such as IP addresses, domains, or file hashes are included. The absence of detailed technical indicators limits the ability to perform targeted detection or remediation. The IOC's classification as medium severity suggests a moderate potential impact on confidentiality, integrity, or availability, likely due to the malware nature and network activity involved. The report is intended for use in threat intelligence correlation and network monitoring enhancements rather than immediate incident response. Organizations using Maltrail or similar network detection tools should incorporate this IOC into their monitoring to identify potential malicious network behavior. The lack of known exploits and patches implies that this is a proactive intelligence feed rather than a reactive alert to an ongoing attack campaign.
Potential Impact
The potential impact of this IOC is moderate, reflecting the medium severity rating. As it relates to malware and network activity, organizations could face risks including unauthorized network access, data exfiltration, or disruption of network services if the underlying malware is active. However, the absence of known exploits in the wild and lack of specific affected versions reduce the immediacy and severity of the threat. The impact is primarily on network security monitoring and threat detection capabilities. Organizations that do not integrate updated threat intelligence may miss early signs of malicious activity, increasing the risk of undetected compromise. Conversely, organizations with mature security operations and network monitoring can use this IOC to enhance detection and potentially prevent malware-related incidents. The broad and generic nature of the IOC means it could apply to many sectors and geographies, especially those with significant network infrastructure and internet exposure. The lack of patch availability suggests mitigation relies on detection and response rather than vulnerability remediation. Overall, the impact is moderate but underscores the importance of continuous threat intelligence integration and network monitoring to mitigate malware risks.
Mitigation Recommendations
1. Integrate the Maltrail IOC into existing network monitoring and intrusion detection systems to enhance detection of suspicious traffic patterns.
2. Regularly update threat intelligence feeds, including OSINT sources like CIRCL, to maintain awareness of emerging malware indicators.
3. Conduct network traffic analysis focusing on anomalies that may indicate malware activity, such as unusual outbound connections or data flows.
4. Employ behavioral analytics and correlation with other threat intelligence to identify potential compromise early.
5. Ensure incident response teams are prepared to investigate and respond to alerts generated by Maltrail or similar detection tools.
6. Harden network perimeter defenses, including firewalls and proxy configurations, to limit exposure to malicious traffic.
7. Educate network administrators and security personnel on interpreting Maltrail alerts and integrating them into broader security operations.
8. Since no patches are available, emphasize detection and containment strategies rather than relying on vulnerability remediation.
9. Perform regular network segmentation and least privilege enforcement to limit malware propagation if detected.
10. Maintain comprehensive logging and monitoring to support forensic analysis if an incident occurs.
Affected Countries
United States, Germany, France, United Kingdom, Canada, Australia, Japan, South Korea, Netherlands, Sweden
Indicators of Compromise
Technical Details
- UUID: ca644701-62d1-4217-ada4-37452e8086db
- Original timestamp: 1772204412
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://api.github.com/repos/stamparm/maltrail/commits/0646683ef79252a23e46ab0f0c2f5cd19622153a | apt_unc2465 | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ef8592c301ca981ee5e763e64a2799a42dfb624a | apt_lazarus | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/9b786d496f9492f593d4f4d4d65f55da0fe1f8ee | gorat | |
urlhttps://x.com/malwrhunterteam/status/2027011120574124509 | gorat | |
urlhttps://x.com/smica83/status/2027089623122403792 | gorat | |
urlhttps://www.virustotal.com/gui/file/91a2945d99ee794a0461427a14ca731187b8143b847b85993ea7d5367c2c1c0c/detection | gorat | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a6a5d4fc2e913d96182c8ba9c1cf9296ae1d8c3e | apt_bitter | |
urlhttps://x.com/RedDrip7/status/2027209484784017629 | apt_bitter | |
urlhttps://www.virustotal.com/gui/file/e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76/detection | apt_bitter | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/3f6f94d4cbe5ca9362428adb4dee7084d1cdd24b | android_joker | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/580ed2e5cc6de73363f5768a87fbdd3339dc2d7c | powershell_injector | |
urlhttps://www.virustotal.com/gui/file/d1bfeeffb9ce99d92afa5d76997222d616214c0df0a12a6099d09d8c94f1a1fa/detection | powershell_injector | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/1aef6ec81fe3d2f652843e6dbe91455a2cd62f5c | smokeloader | |
urlhttps://www.virustotal.com/gui/file/7e92a078f6f875b189bc4b2bca87f4f737eb2048356a51a1962f359b645d1b0f/detection | smokeloader | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/fc046d4c30e9cf55674bf051ff38d5ddd5ded3d6 | powershell_injector | |
urlhttps://x.com/volrant136/status/2027043925819896216 | powershell_injector | |
urlhttps://www.virustotal.com/gui/file/b2e9ef81af6c4686944e5c589d420fc9dffbf9af7afe3e1e913cece273626070/detection | powershell_injector | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d80f240b6a29965ab001b54937bd0551badb89b4 | fakeapp | |
urlhttps://x.com/solostalking/status/2027059234941419597 | fakeapp | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/0b2c6651676f745850e5150528d491647cdb0f53 | fakeapp | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/032c33b2917a05e61f48ff99ab0faaf523441536 | apt_unc2465 | |
urlhttps://x.com/g0njxa/status/2027082406847709524 | apt_unc2465 | |
urlhttps://www.virustotal.com/gui/file/30427b6732fea64c2cdc0b40c19695902f2bdea5f87dab16b4082bb3cf208557/detection | apt_unc2465 | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/74c61d633c2eb017465ce1b7646c2f872175ae41 | ek_clearfake | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/3c6c4f689af3ec7e6f24f87b35a37f4099b65569 | supershell_c2 | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/e9623bfbd172be2f96469a10dde8e27981257fa0 | sectoprat | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c318d0436c65b48f13d1843c5b25df90af33213d | osx_atomic | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/45feac2ab60ae548370394c0e3f8d96ac03b4e31 | python_injector | |
urlhttps://www.virustotal.com/gui/file/90f2b095eb3b4dd8b484cc50a3501601891d242e715cdc88bc1def44ef891fd5/detection | python_injector | |
urlhttps://www.virustotal.com/gui/file/07131e3fcb9e65c1e4d2e756efdb9f263fd90080d3ff83fbcca1f31a4890ebdb/detection | python_injector | |
urlhttps://www.virustotal.com/gui/file/50e8f85878234db719b27099ed389426f0c25e78bcce9814226c3b3d55ec99fa/detection | python_injector | |
urlhttps://www.virustotal.com/gui/file/65229ef9d09e4cbfae326d41c517576cc2143c259fd764f259f3925fc8917c8b/detection | python_injector | |
urlhttps://www.virustotal.com/gui/file/ae5bbb7cb9cc6da0947f65add264d421f90bd3ea04bc85035f23b615cb7be56e/detection | python_injector | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/40957fdc420272df142da97aea5cab94fa2151b7 | generic | |
urlhttps://x.com/smica83/status/2027321348641419634 | generic | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/8f741ef2319a71e7fdd4535399e57722426e1baa | fakeapp | |
urlhttps://x.com/tuckner/status/2027129670693495262 | fakeapp | |
urlhttps://annex.security/blog/pixel-perfect | fakeapp | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/beb190e455a03c309301507e2fef1aff26fec6d1 | plugx | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/046507b1605fc4fff7fbda4ca00c288c666772ed | plugx | |
urlhttps://x.com/780thC/status/2027014144646594734 | plugx | |
urlhttps://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata | plugx | |
urlhttps://www.virustotal.com/gui/file/d0eeef1b864c653c59242e0e90c87c24da440555217dfdda815e0b53a24c6336/detection | plugx | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/f8eeb640dc4067b3be0774bef05604143027c6bb | osx_atomic | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/8af1be6c7241bf5efa3a40ac4a01623fa85e8106 | — | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/9e32234844778ee037dc03b0bbb34382984ace80 | osx_atomic | |
urlhttps://x.com/osint_barbie/status/2027258678978433419 | osx_atomic | |
urlhttps://x.com/osint_barbie/status/2027258760507334982 | osx_atomic | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/287e7cad45c263e0bd8625f1ac6562b634ae5ff2 | apt_unc2465 | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/17691826c77ac512dce449a8a335bf26c035dc18 | apt_unc2465 | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/460f87669f823bc1a2faffac94437f072a0b62dd | cyberstrikeai | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/94f775970d17c5cdc6d236edb5f87a4f01910fbb | generic | |
urlhttps://www.virustotal.com/gui/ip-address/85.12.205.35/relations | generic | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/1098aac99b275aea870b6d7a49e25380e08dd769 | — | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ec8342b15abddc237e1b999c04072fc4b5f43ac3 | apt_lazarus | |
urlhttps://www.enki.co.kr/en/media-center/blog/contagious-interview-campaign-abusing-vscode-distributed-on-github | apt_lazarus | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/0e066b2b2daac5880207b573683196ae43c1c20b | apt_kimsuky | |
urlhttps://x.com/byrne_emmy12099/status/2027362636669812866 | apt_kimsuky | |
urlhttps://www.virustotal.com/gui/file/1fd4cdad8d32dc17513b4e4a79f42c9d616e5268d63ed497a43aea0669e50c00/detection | apt_kimsuky | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/3512fa9f3229d7079bd9af31eb6f6b87b48519b3 | powershell_injector | |
urlhttps://x.com/smica83/status/2027366771783557194 | powershell_injector | |
urlhttps://www.virustotal.com/gui/file/cd973f4aa8d847341e0aac04ca5f4c2e06ae22a8e5ec7dcdbd0d281f3dbc9cc5/detection | powershell_injector | |
urlhttps://www.virustotal.com/gui/file/bf967d084a8397a8e5d18550bbffcb8b4727ee1ca69786b5cc4246326518e0cf/detection | powershell_injector | |
urlhttps://www.virustotal.com/gui/file/171eba62ff1726c421e64868ee492710ba274a7f4d5b1ec5e1835431fb0ab0d5/detection | powershell_injector | |
urlhttps://www.virustotal.com/gui/file/3a15e0ed7f7a7419108511f28c80f1d7670860d8198335d57f4a1d350ff0715f/detection | powershell_injector | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c89cb01b23ca317314109279a0097af4fc049a95 | apt_37 | |
urlhttps://www.symantec.com/security_response/writeup.jsp?docid=2016-063014-0934-99&tabid=2 | apt_37 |
Domain
Ip
Threat ID: 69a1c1e632ffcdb8a23f4ccd
Added to database: 2/27/2026, 4:10:14 PM
Last enriched: 2/27/2026, 4:28:59 PM
Last updated: 2/28/2026, 6:42:23 AM